Version Description
- Changed: Enhanced security posture by escaping potentially harmful input from users that do not have unfiltered_html capability, reported by WordPress Plugin Review Team https://github.com/aamplugin/advanced-access-manager/issues/192
- Changed: Disabling the "User Role Filter" by default for all new AAM installations https://github.com/aamplugin/advanced-access-manager/issues/193
Release Info
Developer | vasyltech |
Plugin | Advanced Access Manager |
Version | 6.7.9 |
Code changes from version 6.7.8 to 6.7.9
- aam.php +2 -2
- application/Backend/Feature/Abstract.php +9 -5
- application/Backend/Feature/Main/Jwt.php +14 -7
- application/Backend/Feature/Main/Menu.php +9 -5
- application/Backend/Feature/Main/Metabox.php +8 -4
- application/Backend/Feature/Main/Policy.php +1 -1
- application/Backend/Feature/Main/Post.php +10 -4
- application/Backend/Feature/Main/Uri.php +8 -6
- application/Backend/Feature/Settings/Service.php +12 -5
- application/Backend/Feature/Subject/Role.php +13 -8
- application/Backend/Manager.php +9 -4
- application/Backend/View.php +7 -3
- application/Backend/Widget/Login.php +11 -5
- application/Backend/tmpl/service/menu.php +1 -1
- application/Core/Contract/RequestTrait.php +23 -3
- application/Core/Contract/ServiceTrait.php +19 -8
- application/Migration/2021_10_07-base.php +50 -0
- application/Service/Content.php +1 -1
- application/Service/DeniedRedirect.php +1 -1
- application/Service/UserLevelFilter.php +11 -6
- readme.txt +5 -1
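--- a/aam.php
+++ b/aam.php
@@ -3,7 +3,7 @@
 /**
 * Plugin Name: Advanced Access Manager
 * Description: Collection of features to manage your WordPress website authentication, authorization and monitoring
-* Version: 6.7.
+* Version: 6.7.9
 * Author: Vasyl Martyniuk <vasyl@vasyltech.com>
 * Author URI: https://vasyltech.com
 * Text Domain: advanced-access-manager
@@ -264,7 +264,7 @@ if (defined('ABSPATH')) {
 //define few common constants
 define('AAM_MEDIA', plugins_url('/media', __FILE__));
 define('AAM_KEY', 'advanced-access-manager');
-define('AAM_VERSION', '6.7.
+define('AAM_VERSION', '6.7.9');
 define('AAM_BASEDIR', __DIR__);
 
 //load vendor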
application/Backend/Feature/Abstract.php
CHANGED
@@ -5,15 +5,16 @@
|
|
5 |
* LICENSE: This file is subject to the terms and conditions defined in *
|
6 |
* file 'license.txt', which is part of this source code package. *
|
7 |
* ======================================================================
|
8 |
-
*
|
9 |
-
* @version 6.0.0
|
10 |
*/
|
11 |
|
12 |
/**
|
13 |
* Abstract class for each backend UI feature
|
14 |
*
|
|
|
|
|
|
|
15 |
* @package AAM
|
16 |
-
* @version 6.
|
17 |
*/
|
18 |
abstract class AAM_Backend_Feature_Abstract
|
19 |
{
|
@@ -46,13 +47,16 @@ abstract class AAM_Backend_Feature_Abstract
|
|
46 |
*
|
47 |
* @return string
|
48 |
*
|
|
|
|
|
|
|
49 |
* @access public
|
50 |
-
* @version 6.
|
51 |
*/
|
52 |
public function save()
|
53 |
{
|
54 |
$param = $this->getFromPost('param');
|
55 |
-
$value = $this->
|
56 |
|
57 |
$object = $this->getSubject()->getObject(static::OBJECT_TYPE, null, true);
|
58 |
|
5 |
* LICENSE: This file is subject to the terms and conditions defined in *
|
6 |
* file 'license.txt', which is part of this source code package. *
|
7 |
* ======================================================================
|
|
|
|
|
8 |
*/
|
9 |
|
10 |
/**
|
11 |
* Abstract class for each backend UI feature
|
12 |
*
|
13 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
14 |
+
* @since 6.0.0 Initial implementation of the class
|
15 |
+
*
|
16 |
* @package AAM
|
17 |
+
* @version 6.7.9
|
18 |
*/
|
19 |
abstract class AAM_Backend_Feature_Abstract
|
20 |
{
|
47 |
*
|
48 |
* @return string
|
49 |
*
|
50 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
51 |
+
* @since 6.0.0 Initial implementation of the method
|
52 |
+
*
|
53 |
* @access public
|
54 |
+
* @version 6.7.9
|
55 |
*/
|
56 |
public function save()
|
57 |
{
|
58 |
$param = $this->getFromPost('param');
|
59 |
+
$value = $this->getSafeFromPost('value');
|
60 |
|
61 |
$object = $this->getSubject()->getObject(static::OBJECT_TYPE, null, true);
|
62 |
|
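Review bot: In save(), `$param` is still read with the plain `getFromPost('param')` while only `value` moves to `getSafeFromPost('value')`. The body of save() continues past the hunk, so how `$param` is used is not visible here; if it becomes a stored option name that is later rendered in the admin UI, it is the same kind of user-controlled string this change is meant to cover. I would either route it through the same helper, `$param = $this->getSafeFromPost('param');`, or add a comment above it stating why the raw value is acceptable.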
application/Backend/Feature/Main/Jwt.php
CHANGED
@@ -5,15 +5,16 @@
|
|
5 |
* LICENSE: This file is subject to the terms and conditions defined in *
|
6 |
* file 'license.txt', which is part of this source code package. *
|
7 |
* ======================================================================
|
8 |
-
*
|
9 |
-
* @version 6.0.0
|
10 |
*/
|
11 |
|
12 |
/**
|
13 |
* JWT UI manager
|
14 |
*
|
|
|
|
|
|
|
15 |
* @package AAM
|
16 |
-
* @version 6.
|
17 |
*/
|
18 |
class AAM_Backend_Feature_Main_Jwt
|
19 |
extends AAM_Backend_Feature_Abstract implements AAM_Backend_Feature_ISubjectAware
|
@@ -119,13 +120,16 @@ class AAM_Backend_Feature_Main_Jwt
|
|
119 |
*
|
120 |
* @return string
|
121 |
*
|
|
|
|
|
|
|
122 |
* @access public
|
123 |
-
* @version 6.
|
124 |
*/
|
125 |
public function save()
|
126 |
{
|
127 |
$user = AAM_Backend_Subject::getInstance();
|
128 |
-
$token =
|
129 |
$result = AAM_Service_Jwt::getInstance()->registerToken($user->ID, $token);
|
130 |
|
131 |
if ($result) {
|
@@ -145,13 +149,16 @@ class AAM_Backend_Feature_Main_Jwt
|
|
145 |
*
|
146 |
* @return string
|
147 |
*
|
|
|
|
|
|
|
148 |
* @access public
|
149 |
-
* @version 6.
|
150 |
*/
|
151 |
public function delete()
|
152 |
{
|
153 |
$user = AAM_Backend_Subject::getInstance();
|
154 |
-
$token =
|
155 |
$result = AAM_Service_Jwt::getInstance()->revokeUserToken($user->ID, $token);
|
156 |
|
157 |
if ($result) {
|
5 |
* LICENSE: This file is subject to the terms and conditions defined in *
|
6 |
* file 'license.txt', which is part of this source code package. *
|
7 |
* ======================================================================
|
|
|
|
|
8 |
*/
|
9 |
|
10 |
/**
|
11 |
* JWT UI manager
|
12 |
*
|
13 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
14 |
+
* @since 6.0.0 Initial implementation of the class
|
15 |
+
*
|
16 |
* @package AAM
|
17 |
+
* @version 6.7.9
|
18 |
*/
|
19 |
class AAM_Backend_Feature_Main_Jwt
|
20 |
extends AAM_Backend_Feature_Abstract implements AAM_Backend_Feature_ISubjectAware
|
120 |
*
|
121 |
* @return string
|
122 |
*
|
123 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
124 |
+
* @since 6.0.0 Initial implementation of the method
|
125 |
+
*
|
126 |
* @access public
|
127 |
+
* @version 6.7.9
|
128 |
*/
|
129 |
public function save()
|
130 |
{
|
131 |
$user = AAM_Backend_Subject::getInstance();
|
132 |
+
$token = $this->getFromPost('token');
|
133 |
$result = AAM_Service_Jwt::getInstance()->registerToken($user->ID, $token);
|
134 |
|
135 |
if ($result) {
|
149 |
*
|
150 |
* @return string
|
151 |
*
|
152 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
153 |
+
* @since 6.0.0 Initial implementation of the method
|
154 |
+
*
|
155 |
* @access public
|
156 |
+
* @version 6.7.9
|
157 |
*/
|
158 |
public function delete()
|
159 |
{
|
160 |
$user = AAM_Backend_Subject::getInstance();
|
161 |
+
$token = $this->getFromPost('token');
|
162 |
$result = AAM_Service_Jwt::getInstance()->revokeUserToken($user->ID, $token);
|
163 |
|
164 |
if ($result) {
|
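Review bot: Both save() and delete() pass `$token` from `getFromPost('token')` directly to `registerToken()` / `revokeUserToken()`, and nothing in either hunk rejects a missing or non-string value. Unless those service methods validate the token themselves (they are not shown on this page), an early check such as `is_string($token) && $token !== ''`, falling through to the existing failure branch otherwise, keeps malformed input out of the user's token registry. Both method bodies continue outside the hunks.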
application/Backend/Feature/Main/Menu.php
CHANGED
@@ -5,15 +5,16 @@
|
|
5 |
* LICENSE: This file is subject to the terms and conditions defined in *
|
6 |
* file 'license.txt', which is part of this source code package. *
|
7 |
* ======================================================================
|
8 |
-
*
|
9 |
-
* @version 6.0.0
|
10 |
*/
|
11 |
|
12 |
/**
|
13 |
* Backend menu manager
|
14 |
*
|
|
|
|
|
|
|
15 |
* @package AAM
|
16 |
-
* @version 6.
|
17 |
*/
|
18 |
class AAM_Backend_Feature_Main_Menu
|
19 |
extends AAM_Backend_Feature_Abstract implements AAM_Backend_Feature_ISubjectAware
|
@@ -45,12 +46,15 @@ class AAM_Backend_Feature_Main_Menu
|
|
45 |
*
|
46 |
* @return string
|
47 |
*
|
|
|
|
|
|
|
48 |
* @access public
|
49 |
-
* @version 6.
|
50 |
*/
|
51 |
public function save()
|
52 |
{
|
53 |
-
$status =
|
54 |
|
55 |
$object = AAM_Backend_Subject::getInstance()->getObject(
|
56 |
self::OBJECT_TYPE, null, true
|
5 |
* LICENSE: This file is subject to the terms and conditions defined in *
|
6 |
* file 'license.txt', which is part of this source code package. *
|
7 |
* ======================================================================
|
|
|
|
|
8 |
*/
|
9 |
|
10 |
/**
|
11 |
* Backend menu manager
|
12 |
*
|
13 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
14 |
+
* @since 6.0.0 Initial implementation of the class
|
15 |
+
*
|
16 |
* @package AAM
|
17 |
+
* @version 6.7.9
|
18 |
*/
|
19 |
class AAM_Backend_Feature_Main_Menu
|
20 |
extends AAM_Backend_Feature_Abstract implements AAM_Backend_Feature_ISubjectAware
|
46 |
*
|
47 |
* @return string
|
48 |
*
|
49 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
50 |
+
* @since 6.0.0 Initial implementation of the method
|
51 |
+
*
|
52 |
* @access public
|
53 |
+
* @version 6.7.9
|
54 |
*/
|
55 |
public function save()
|
56 |
{
|
57 |
+
$status = $this->getFromPost('status');
|
58 |
|
59 |
$object = AAM_Backend_Subject::getInstance()->getObject(
|
60 |
self::OBJECT_TYPE, null, true
|
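Review bot: `$status = $this->getFromPost('status');` in save() takes the value unfiltered, whereas the same field in AAM_Backend_Feature_Main_Metabox::save() in this commit is read as `$this->getFromPost('status', FILTER_VALIDATE_BOOLEAN)`. If `status` is a boolean flag here as well (the code that consumes it is outside the hunk), the filter should be passed in both places so that an arbitrary string cannot be stored as the menu status: `$status = $this->getFromPost('status', FILTER_VALIDATE_BOOLEAN);`.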
application/Backend/Feature/Main/Metabox.php
CHANGED
@@ -12,14 +12,17 @@
|
|
12 |
*
|
13 |
* @since 6.0.0 Initial implementation of the class
|
14 |
* @since 6.7.4 https://github.com/aamplugin/advanced-access-manager/issues/167
|
|
|
15 |
*
|
16 |
* @package AAM
|
17 |
-
* @version 6.7.
|
18 |
*/
|
19 |
class AAM_Backend_Feature_Main_Metabox
|
20 |
extends AAM_Backend_Feature_Abstract implements AAM_Backend_Feature_ISubjectAware
|
21 |
{
|
22 |
|
|
|
|
|
23 |
/**
|
24 |
* DB cache option
|
25 |
*
|
@@ -53,16 +56,17 @@ class AAM_Backend_Feature_Main_Metabox
|
|
53 |
*
|
54 |
* @return string
|
55 |
*
|
56 |
-
* @since 6.
|
57 |
* @since 6.7.4 https://github.com/aamplugin/advanced-access-manager/issues/167
|
|
|
58 |
*
|
59 |
* @access public
|
60 |
-
* @version 6.7.
|
61 |
*/
|
62 |
public function save()
|
63 |
{
|
64 |
$items = AAM_Core_Request::post('items', array());
|
65 |
-
$status =
|
66 |
|
67 |
$object = AAM_Backend_Subject::getInstance()->getObject(
|
68 |
self::OBJECT_TYPE, null, true
|
12 |
*
|
13 |
* @since 6.0.0 Initial implementation of the class
|
14 |
* @since 6.7.4 https://github.com/aamplugin/advanced-access-manager/issues/167
|
15 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
16 |
*
|
17 |
* @package AAM
|
18 |
+
* @version 6.7.9
|
19 |
*/
|
20 |
class AAM_Backend_Feature_Main_Metabox
|
21 |
extends AAM_Backend_Feature_Abstract implements AAM_Backend_Feature_ISubjectAware
|
22 |
{
|
23 |
|
24 |
+
use AAM_Core_Contract_RequestTrait;
|
25 |
+
|
26 |
/**
|
27 |
* DB cache option
|
28 |
*
|
56 |
*
|
57 |
* @return string
|
58 |
*
|
59 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
60 |
* @since 6.7.4 https://github.com/aamplugin/advanced-access-manager/issues/167
|
61 |
+
* @since 6.0.0 Initial implementation of the method
|
62 |
*
|
63 |
* @access public
|
64 |
+
* @version 6.7.9
|
65 |
*/
|
66 |
public function save()
|
67 |
{
|
68 |
$items = AAM_Core_Request::post('items', array());
|
69 |
+
$status = $this->getFromPost('status', FILTER_VALIDATE_BOOLEAN);
|
70 |
|
71 |
$object = AAM_Backend_Subject::getInstance()->getObject(
|
72 |
self::OBJECT_TYPE, null, true
|
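Review bot: `$items = AAM_Core_Request::post('items', array());` in save() is left as it was, so the submitted array is still taken raw while `status` on the next line now goes through the filtered helper. How the items are used is outside the hunk; if each one becomes a key in the stored settings, I would normalise them on entry, e.g. `$items = array_map('sanitize_text_field', (array) AAM_Core_Request::post('items', array()));`, or note in a comment why that is unnecessary.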
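--- a/application/Backend/Feature/Main/Policy.php
+++ b/application/Backend/Feature/Main/Policy.php
@@ -234,7 +234,7 @@ extends AAM_Backend_Feature_Abstract implements AAM_Backend_Feature_ISubjectAwar
 }
 
 if (!empty($record->post_title)) {
-$title .= $record->post_title;
+$title .= esc_js($record->post_title);
 } else {
 $title .= __('(no title)', AAM_KEY);
 }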
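Review bot: `esc_js()` on `$record->post_title` only fits if `$title` ends up inside a JavaScript string literal, and where `$title` is emitted is outside this hunk. If it is returned in an AJAX payload and then inserted into the page as markup, the escaper that matches that context is `esc_html()`, i.e. `$title .= esc_html($record->post_title);`. A one-line comment naming the output context would let the next reader confirm the choice. The enclosing method starts and ends outside the hunk.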
application/Backend/Feature/Main/Post.php
CHANGED
@@ -10,6 +10,7 @@
|
|
10 |
/**
|
11 |
* Backend posts & terms service UI
|
12 |
*
|
|
|
13 |
* @since 6.5.0 https://github.com/aamplugin/advanced-access-manager/issues/89
|
14 |
* https://github.com/aamplugin/advanced-access-manager/issues/108
|
15 |
* @since 6.3.1 Fixed bug with incorrectly escaped passwords and teaser messages
|
@@ -20,7 +21,7 @@
|
|
20 |
* @since 6.0.0 Initial implementation of the class
|
21 |
*
|
22 |
* @package AAM
|
23 |
-
* @version 6.
|
24 |
*/
|
25 |
class AAM_Backend_Feature_Main_Post
|
26 |
extends AAM_Backend_Feature_Abstract implements AAM_Backend_Feature_ISubjectAware
|
@@ -547,12 +548,13 @@ class AAM_Backend_Feature_Main_Post
|
|
547 |
*
|
548 |
* @return mixed
|
549 |
*
|
|
|
550 |
* @since 6.3.1 Fixed bug https://github.com/aamplugin/advanced-access-manager/issues/42
|
551 |
* @since 6.2.0 Added support for the new filter `aam_sanitize_post_value_filter`
|
552 |
* @since 6.0.0 Initial implementation of the method
|
553 |
*
|
554 |
* @access protected
|
555 |
-
* @version 6.
|
556 |
*/
|
557 |
protected function sanitizeOption($option, $value)
|
558 |
{
|
@@ -560,8 +562,12 @@ class AAM_Backend_Feature_Main_Post
|
|
560 |
foreach($value as $k => $v) {
|
561 |
if ($k === 'enabled') {
|
562 |
$value[$k] = filter_var($v, FILTER_VALIDATE_BOOLEAN);
|
|
|
|
|
|
|
|
|
563 |
} else {
|
564 |
-
$value[$k] = (
|
565 |
}
|
566 |
}
|
567 |
} else { // Any scalar value has to be boolean
|
@@ -976,7 +982,7 @@ class AAM_Backend_Feature_Main_Post
|
|
976 |
*
|
977 |
* @param string $type
|
978 |
*
|
979 |
-
* @return
|
980 |
*
|
981 |
* @access protected
|
982 |
* @version 6.0.0
|
10 |
/**
|
11 |
* Backend posts & terms service UI
|
12 |
*
|
13 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
14 |
* @since 6.5.0 https://github.com/aamplugin/advanced-access-manager/issues/89
|
15 |
* https://github.com/aamplugin/advanced-access-manager/issues/108
|
16 |
* @since 6.3.1 Fixed bug with incorrectly escaped passwords and teaser messages
|
21 |
* @since 6.0.0 Initial implementation of the class
|
22 |
*
|
23 |
* @package AAM
|
24 |
+
* @version 6.7.9
|
25 |
*/
|
26 |
class AAM_Backend_Feature_Main_Post
|
27 |
extends AAM_Backend_Feature_Abstract implements AAM_Backend_Feature_ISubjectAware
|
548 |
*
|
549 |
* @return mixed
|
550 |
*
|
551 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
552 |
* @since 6.3.1 Fixed bug https://github.com/aamplugin/advanced-access-manager/issues/42
|
553 |
* @since 6.2.0 Added support for the new filter `aam_sanitize_post_value_filter`
|
554 |
* @since 6.0.0 Initial implementation of the method
|
555 |
*
|
556 |
* @access protected
|
557 |
+
* @version 6.7.9
|
558 |
*/
|
559 |
protected function sanitizeOption($option, $value)
|
560 |
{
|
562 |
foreach($value as $k => $v) {
|
563 |
if ($k === 'enabled') {
|
564 |
$value[$k] = filter_var($v, FILTER_VALIDATE_BOOLEAN);
|
565 |
+
} elseif (is_numeric($v)) {
|
566 |
+
$value[$k] = intval($v);
|
567 |
+
} elseif (current_user_can('unfiltered_html')) {
|
568 |
+
$value[$k] = stripslashes($v);
|
569 |
} else {
|
570 |
+
$value[$k] = wp_kses_post(stripslashes($v));
|
571 |
}
|
572 |
}
|
573 |
} else { // Any scalar value has to be boolean
|
982 |
*
|
983 |
* @param string $type
|
984 |
*
|
985 |
+
* @return object
|
986 |
*
|
987 |
* @access protected
|
988 |
* @version 6.0.0
|
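Review bot: The new `elseif (is_numeric($v))` branch in sanitizeOption() casts every numeric-looking string with `intval()`, which changes values that are meant to be text: `'0123'` becomes `123` and `'12.5'` becomes `12`. The class docblock mentions passwords and teaser messages among these options, so a numeric password would be stored in a different form than the user typed. Limiting the cast to strings that round-trip keeps real integers and leaves the rest to the text branches: `} elseif (is_string($v) && (string) intval($v) === $v) {`. The function starts and ends outside the hunk.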
application/Backend/Feature/Main/Uri.php
CHANGED
@@ -10,12 +10,13 @@
|
|
10 |
/**
|
11 |
* URI service
|
12 |
*
|
|
|
13 |
* @since 6.4.0 Improved UI functionality with better rules handling
|
14 |
* @since 6.3.0 Fixed bug with incorrectly handled record editing
|
15 |
* @since 6.0.0 Initial implementation of the class
|
16 |
*
|
17 |
* @package AAM
|
18 |
-
* @version 6.
|
19 |
*/
|
20 |
class AAM_Backend_Feature_Main_Uri
|
21 |
extends AAM_Backend_Feature_Abstract implements AAM_Backend_Feature_ISubjectAware
|
@@ -86,23 +87,24 @@ class AAM_Backend_Feature_Main_Uri
|
|
86 |
*
|
87 |
* @return string
|
88 |
*
|
|
|
89 |
* @since 6.4.0 Fixed https://github.com/aamplugin/advanced-access-manager/issues/77
|
90 |
* @since 6.3.0 Fixed https://github.com/aamplugin/advanced-access-manager/issues/35
|
91 |
* @since 6.0.0 Initial implementation of the method
|
92 |
*
|
93 |
* @access public
|
94 |
-
* @version 6.
|
95 |
*/
|
96 |
public function save()
|
97 |
{
|
98 |
-
$uri = str_replace(site_url(), '', $this->
|
99 |
$edited = $this->getFromPost('edited_uri');
|
100 |
|
101 |
// Compile rule
|
102 |
$rule = array(
|
103 |
-
'type' => $this->
|
104 |
-
'action' => $this->
|
105 |
-
'code' => $this->
|
106 |
);
|
107 |
|
108 |
$object = AAM_Backend_Subject::getInstance()->getObject(self::OBJECT_TYPE);
|
10 |
/**
|
11 |
* URI service
|
12 |
*
|
13 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
14 |
* @since 6.4.0 Improved UI functionality with better rules handling
|
15 |
* @since 6.3.0 Fixed bug with incorrectly handled record editing
|
16 |
* @since 6.0.0 Initial implementation of the class
|
17 |
*
|
18 |
* @package AAM
|
19 |
+
* @version 6.7.9
|
20 |
*/
|
21 |
class AAM_Backend_Feature_Main_Uri
|
22 |
extends AAM_Backend_Feature_Abstract implements AAM_Backend_Feature_ISubjectAware
|
87 |
*
|
88 |
* @return string
|
89 |
*
|
90 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
91 |
* @since 6.4.0 Fixed https://github.com/aamplugin/advanced-access-manager/issues/77
|
92 |
* @since 6.3.0 Fixed https://github.com/aamplugin/advanced-access-manager/issues/35
|
93 |
* @since 6.0.0 Initial implementation of the method
|
94 |
*
|
95 |
* @access public
|
96 |
+
* @version 6.7.9
|
97 |
*/
|
98 |
public function save()
|
99 |
{
|
100 |
+
$uri = str_replace(site_url(), '', $this->getSafeFromPost('uri'));
|
101 |
$edited = $this->getFromPost('edited_uri');
|
102 |
|
103 |
// Compile rule
|
104 |
$rule = array(
|
105 |
+
'type' => $this->getSafeFromPost('type'),
|
106 |
+
'action' => $this->getSafeFromPost('value'),
|
107 |
+
'code' => $this->getSafeFromPost('code')
|
108 |
);
|
109 |
|
110 |
$object = AAM_Backend_Subject::getInstance()->getObject(self::OBJECT_TYPE);
|
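Review bot: In save(), `$edited` is still read with `getFromPost('edited_uri')` while `uri`, `type`, `value` and `code` all move to `getSafeFromPost()`. The rest of save() is outside the hunk, but if `$edited` is used to find the previously stored rule, a URI that the safe helper altered when it was saved will no longer match its raw form on edit. Reading both the same way avoids that: `$edited = $this->getSafeFromPost('edited_uri');`. `code` also looks like an HTTP status and could be read as an integer rather than as escaped text.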
application/Backend/Feature/Settings/Service.php
CHANGED
@@ -5,15 +5,16 @@
|
|
5 |
* LICENSE: This file is subject to the terms and conditions defined in *
|
6 |
* file 'license.txt', which is part of this source code package. *
|
7 |
* ======================================================================
|
8 |
-
*
|
9 |
-
* @version 6.0.0
|
10 |
*/
|
11 |
|
12 |
/**
|
13 |
* AAM services
|
14 |
*
|
|
|
|
|
|
|
15 |
* @package AAM
|
16 |
-
* @version 6.
|
17 |
*/
|
18 |
class AAM_Backend_Feature_Settings_Service extends AAM_Backend_Feature_Abstract
|
19 |
{
|
@@ -37,8 +38,11 @@ class AAM_Backend_Feature_Settings_Service extends AAM_Backend_Feature_Abstract
|
|
37 |
*
|
38 |
* @return array
|
39 |
*
|
|
|
|
|
|
|
40 |
* @access public
|
41 |
-
* @version 6.
|
42 |
*/
|
43 |
public static function getList()
|
44 |
{
|
@@ -46,7 +50,10 @@ class AAM_Backend_Feature_Settings_Service extends AAM_Backend_Feature_Abstract
|
|
46 |
|
47 |
// Get each service status
|
48 |
foreach ($response as &$service) {
|
49 |
-
$service['status'] = AAM_Core_Config::get(
|
|
|
|
|
|
|
50 |
}
|
51 |
|
52 |
return $response;
|
5 |
* LICENSE: This file is subject to the terms and conditions defined in *
|
6 |
* file 'license.txt', which is part of this source code package. *
|
7 |
* ======================================================================
|
|
|
|
|
8 |
*/
|
9 |
|
10 |
/**
|
11 |
* AAM services
|
12 |
*
|
13 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/193
|
14 |
+
* @since 6.0.0 Initial implementation of the method
|
15 |
+
*
|
16 |
* @package AAM
|
17 |
+
* @version 6.7.9
|
18 |
*/
|
19 |
class AAM_Backend_Feature_Settings_Service extends AAM_Backend_Feature_Abstract
|
20 |
{
|
38 |
*
|
39 |
* @return array
|
40 |
*
|
41 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/193
|
42 |
+
* @since 6.0.0 Initial implementation of the method
|
43 |
+
*
|
44 |
* @access public
|
45 |
+
* @version 6.7.9
|
46 |
*/
|
47 |
public static function getList()
|
48 |
{
|
50 |
|
51 |
// Get each service status
|
52 |
foreach ($response as &$service) {
|
53 |
+
$service['status'] = AAM_Core_Config::get(
|
54 |
+
$service['setting'],
|
55 |
+
isset($service['defaultEnabled']) ? $service['defaultEnabled'] : true
|
56 |
+
);
|
57 |
}
|
58 |
|
59 |
return $response;
|
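Review bot: getList() now falls back to `$service['defaultEnabled']` whenever a setting has never been stored, while the release notes say the User Role Filter becomes disabled by default for new installations only. An existing site that never saved that setting has no stored value either, so it would presumably pick up the new default too unless the migration listed in the diffstat (application/Migration/2021_10_07-base.php, not shown on this page) writes the previous state first. Because that service appears to be an access restriction, I would add a comment above the `AAM_Core_Config::get(` call that makes the dependency explicit, e.g. `// Default applies only when the setting was never stored; existing installs are pinned by the 2021_10_07 migration`.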
application/Backend/Feature/Subject/Role.php
CHANGED
@@ -10,17 +10,20 @@
|
|
10 |
/**
|
11 |
* Role view manager
|
12 |
*
|
|
|
13 |
* @since 6.5.0 Implemented https://github.com/aamplugin/advanced-access-manager/issues/97
|
14 |
* @since 6.4.0 Enhancement https://github.com/aamplugin/advanced-access-manager/issues/72
|
15 |
* @since 6.1.0 Fixed bug with role creation process that caused PHP warning
|
16 |
* @since 6.0.0 Initial implementation of the class
|
17 |
*
|
18 |
* @package AAM
|
19 |
-
* @version 6.
|
20 |
*/
|
21 |
class AAM_Backend_Feature_Subject_Role
|
22 |
{
|
23 |
|
|
|
|
|
24 |
/**
|
25 |
* Capability that allows to manage roles
|
26 |
*
|
@@ -181,12 +184,13 @@ class AAM_Backend_Feature_Subject_Role
|
|
181 |
*
|
182 |
* @return array
|
183 |
*
|
|
|
184 |
* @since 6.5.0 Implemented https://github.com/aamplugin/advanced-access-manager/issues/97
|
185 |
* @since 6.1.0 Fixed the PHP notice where `Undefined variable: parent`
|
186 |
* @since 6.0.0 Initial implementation of the method
|
187 |
*
|
188 |
* @access private
|
189 |
-
* @version 6.
|
190 |
*/
|
191 |
private function _create()
|
192 |
{
|
@@ -195,11 +199,11 @@ class AAM_Backend_Feature_Subject_Role
|
|
195 |
);
|
196 |
|
197 |
if (current_user_can('aam_create_roles')) {
|
198 |
-
$name = sanitize_text_field(
|
199 |
$roles = AAM_Core_API::getRoles();
|
200 |
$role_id = sanitize_key(strtolower($name));
|
201 |
-
$inherit = trim(
|
202 |
-
$doClone =
|
203 |
|
204 |
// If inherited role is set get capabilities from it
|
205 |
if ($inherit) {
|
@@ -264,11 +268,12 @@ class AAM_Backend_Feature_Subject_Role
|
|
264 |
*
|
265 |
* @return array
|
266 |
*
|
|
|
267 |
* @since 6.4.0 Enhancement https://github.com/aamplugin/advanced-access-manager/issues/72
|
268 |
* @since 6.0.0 Initial implementation of the method
|
269 |
*
|
270 |
* @access private
|
271 |
-
* @version 6.
|
272 |
*/
|
273 |
private function _edit()
|
274 |
{
|
@@ -276,8 +281,8 @@ class AAM_Backend_Feature_Subject_Role
|
|
276 |
$role = AAM_Backend_Subject::getInstance();
|
277 |
|
278 |
$role->update(
|
279 |
-
|
280 |
-
sanitize_key(
|
281 |
);
|
282 |
|
283 |
do_action('aam_post_update_role_action', $role->getSubject());
|
10 |
/**
|
11 |
* Role view manager
|
12 |
*
|
13 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
14 |
* @since 6.5.0 Implemented https://github.com/aamplugin/advanced-access-manager/issues/97
|
15 |
* @since 6.4.0 Enhancement https://github.com/aamplugin/advanced-access-manager/issues/72
|
16 |
* @since 6.1.0 Fixed bug with role creation process that caused PHP warning
|
17 |
* @since 6.0.0 Initial implementation of the class
|
18 |
*
|
19 |
* @package AAM
|
20 |
+
* @version 6.7.9
|
21 |
*/
|
22 |
class AAM_Backend_Feature_Subject_Role
|
23 |
{
|
24 |
|
25 |
+
use AAM_Core_Contract_RequestTrait;
|
26 |
+
|
27 |
/**
|
28 |
* Capability that allows to manage roles
|
29 |
*
|
184 |
*
|
185 |
* @return array
|
186 |
*
|
187 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
188 |
* @since 6.5.0 Implemented https://github.com/aamplugin/advanced-access-manager/issues/97
|
189 |
* @since 6.1.0 Fixed the PHP notice where `Undefined variable: parent`
|
190 |
* @since 6.0.0 Initial implementation of the method
|
191 |
*
|
192 |
* @access private
|
193 |
+
* @version 6.7.9
|
194 |
*/
|
195 |
private function _create()
|
196 |
{
|
199 |
);
|
200 |
|
201 |
if (current_user_can('aam_create_roles')) {
|
202 |
+
$name = sanitize_text_field($this->getFromPost('name'));
|
203 |
$roles = AAM_Core_API::getRoles();
|
204 |
$role_id = sanitize_key(strtolower($name));
|
205 |
+
$inherit = trim($this->getFromPost('inherit'));
|
206 |
+
$doClone = $this->getFromPost('clone', FILTER_VALIDATE_BOOLEAN);
|
207 |
|
208 |
// If inherited role is set get capabilities from it
|
209 |
if ($inherit) {
|
268 |
*
|
269 |
* @return array
|
270 |
*
|
271 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
272 |
* @since 6.4.0 Enhancement https://github.com/aamplugin/advanced-access-manager/issues/72
|
273 |
* @since 6.0.0 Initial implementation of the method
|
274 |
*
|
275 |
* @access private
|
276 |
+
* @version 6.7.9
|
277 |
*/
|
278 |
private function _edit()
|
279 |
{
|
281 |
$role = AAM_Backend_Subject::getInstance();
|
282 |
|
283 |
$role->update(
|
284 |
+
trim($this->getSafeFromPost('name')),
|
285 |
+
sanitize_key($this->getFromPost('slug'))
|
286 |
);
|
287 |
|
288 |
do_action('aam_post_update_role_action', $role->getSubject());
|
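Review bot: The role name is cleaned differently on the two paths: _create() uses `sanitize_text_field($this->getFromPost('name'))` while _edit() uses `trim($this->getSafeFromPost('name'))`. getSafeFromPost() is defined outside the visible part of this page, so I cannot tell whether the results match, but the same submitted name should end up stored identically whether a role is created or renamed. I would use one expression in both methods and also apply it to `$inherit`, which is still `trim($this->getFromPost('inherit'))`. Both methods continue outside their hunks.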
application/Backend/Manager.php
CHANGED
@@ -10,6 +10,7 @@
|
|
10 |
/**
|
11 |
* Backend manager
|
12 |
*
|
|
|
13 |
* @since 6.7.6 https://github.com/aamplugin/advanced-access-manager/issues/179
|
14 |
* @since 6.6.2 https://github.com/aamplugin/advanced-access-manager/issues/138
|
15 |
* @since 6.2.2 Added `manage_policies` and removed `blog_id` for the localized
|
@@ -19,12 +20,13 @@
|
|
19 |
* @since 6.0.0 Initial implementation of the class
|
20 |
*
|
21 |
* @package AAM
|
22 |
-
* @version 6.7.
|
23 |
*/
|
24 |
class AAM_Backend_Manager
|
25 |
{
|
26 |
|
27 |
-
use
|
|
|
28 |
|
29 |
/**
|
30 |
* Initialize the AAM backend manager
|
@@ -285,12 +287,15 @@ class AAM_Backend_Manager
|
|
285 |
*
|
286 |
* @return void
|
287 |
*
|
|
|
|
|
|
|
288 |
* @access public
|
289 |
-
* @version 6.
|
290 |
*/
|
291 |
public function adminInit()
|
292 |
{
|
293 |
-
$frame =
|
294 |
|
295 |
if ($frame) {
|
296 |
echo AAM_Backend_View::getInstance()->renderIFrame($frame);
|
10 |
/**
|
11 |
* Backend manager
|
12 |
*
|
13 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
14 |
* @since 6.7.6 https://github.com/aamplugin/advanced-access-manager/issues/179
|
15 |
* @since 6.6.2 https://github.com/aamplugin/advanced-access-manager/issues/138
|
16 |
* @since 6.2.2 Added `manage_policies` and removed `blog_id` for the localized
|
20 |
* @since 6.0.0 Initial implementation of the class
|
21 |
*
|
22 |
* @package AAM
|
23 |
+
* @version 6.7.9
|
24 |
*/
|
25 |
class AAM_Backend_Manager
|
26 |
{
|
27 |
|
28 |
+
use AAM_Core_Contract_RequestTrait,
|
29 |
+
AAM_Core_Contract_SingletonTrait;
|
30 |
|
31 |
/**
|
32 |
* Initialize the AAM backend manager
|
287 |
*
|
288 |
* @return void
|
289 |
*
|
290 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
291 |
+
* @since 6.0.0 Initial implementation of the method
|
292 |
+
*
|
293 |
* @access public
|
294 |
+
* @version 6.7.9
|
295 |
*/
|
296 |
public function adminInit()
|
297 |
{
|
298 |
+
$frame = $this->getFromQuery('aamframe');
|
299 |
|
300 |
if ($frame) {
|
301 |
echo AAM_Backend_View::getInstance()->renderIFrame($frame);
|
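Review bot: `$frame = $this->getFromQuery('aamframe');` in adminInit() feeds a query-string value straight into `echo AAM_Backend_View::getInstance()->renderIFrame($frame);`, and the hunk shows no check that it is one of the frames the view actually supports. The same applies to `$partial = $this->getFromPost('partial');` passed to `renderContent()` in AAM_Backend_View::processAjax() in this commit. Unless renderIFrame() and renderContent() reject unknown names themselves (not visible here), compare against a fixed list first, e.g. `if (in_array($frame, $allowedFrames, true)) {`, where `$allowedFrames` is a placeholder for the supported frame names. adminInit() continues past the hunk.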
application/Backend/View.php
CHANGED
@@ -13,12 +13,13 @@
|
|
13 |
* This class is used to manage all AAM UI templates and interaction of the UI with
|
14 |
* AAM backend core
|
15 |
*
|
|
|
16 |
* @since 6.6.0 Allow partial to be loaded more than once
|
17 |
* @since 6.0.5 Removed prepareIframeWPAssetsURL method
|
18 |
* @since 6.0.0 Initial implementation of the class
|
19 |
*
|
20 |
* @package AAM
|
21 |
-
* @version 6.
|
22 |
*/
|
23 |
class AAM_Backend_View
|
24 |
{
|
@@ -102,8 +103,11 @@ class AAM_Backend_View
|
|
102 |
*
|
103 |
* @return string
|
104 |
*
|
|
|
|
|
|
|
105 |
* @access public
|
106 |
-
* @version 6.
|
107 |
*/
|
108 |
public function processAjax()
|
109 |
{
|
@@ -126,7 +130,7 @@ class AAM_Backend_View
|
|
126 |
'aam_ajax_filter', $response, $subject->getSubject(), $action
|
127 |
);
|
128 |
} elseif ($action === 'renderContent') {
|
129 |
-
$partial =
|
130 |
$response = $this->renderContent((!empty($partial) ? $partial : 'main'));
|
131 |
|
132 |
$accept = AAM_Core_Request::server('HTTP_ACCEPT_ENCODING');
|
13 |
* This class is used to manage all AAM UI templates and interaction of the UI with
|
14 |
* AAM backend core
|
15 |
*
|
16 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
17 |
* @since 6.6.0 Allow partial to be loaded more than once
|
18 |
* @since 6.0.5 Removed prepareIframeWPAssetsURL method
|
19 |
* @since 6.0.0 Initial implementation of the class
|
20 |
*
|
21 |
* @package AAM
|
22 |
+
* @version 6.7.9
|
23 |
*/
|
24 |
class AAM_Backend_View
|
25 |
{
|
103 |
*
|
104 |
* @return string
|
105 |
*
|
106 |
+
* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
|
107 |
+
* @since 6.0.0 Initial implementation of the method
|
108 |
+
*
|
109 |
* @access public
|
110 |
+
* @version 6.7.9
|
111 |
*/
|
112 |
public function processAjax()
|
113 |
{
|
130 |
'aam_ajax_filter', $response, $subject->getSubject(), $action
|
131 |
);
|
132 |
} elseif ($action === 'renderContent') {
|
133 |
+
$partial = $this->getFromPost('partial');
|
134 |
$response = $this->renderContent((!empty($partial) ? $partial : 'main'));
|
135 |
|
136 |
$accept = AAM_Core_Request::server('HTTP_ACCEPT_ENCODING');
|
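--- a/application/Backend/Widget/Login.php
+++ b/application/Backend/Widget/Login.php
@@ -5,19 +5,22 @@
 * LICENSE: This file is subject to the terms and conditions defined in *
 * file 'license.txt', which is part of this source code package. *
 * ======================================================================
-*
-* @version 6.0.0
 */
 
 /**
 * Secure login widget
 *
+* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
+* @since 6.0.0 Initial implementation of the method
+*
 * @package AAM
-* @version 6.
+* @version 6.7.9
 */
 class AAM_Backend_Widget_Login extends WP_Widget
 {
 
+use AAM_Core_Contract_RequestTrait;
+
 /**
 * Widget arguments
 *
@@ -90,8 +93,11 @@ class AAM_Backend_Widget_Login extends WP_Widget
 *
 * @return array
 *
+* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
+* @since 6.0.0 Initial implementation of the method
+*
 * @access protected
-* @version 6.
+* @version 6.7.9
 */
 protected function normalize($instance)
 {
@@ -103,7 +109,7 @@ class AAM_Backend_Widget_Login extends WP_Widget
 $instance['user-title'] = __('Howdy, %username%', AAM_KEY);
 }
 
-$instance['redirect'] =
+$instance['redirect'] = $this->getFromQuery('redirect_to');
 
 return $instance;
 }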
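Review bot: The new assignment on line 112, `$instance['redirect'] = $this->getFromQuery('redirect_to');`, stores a caller-controlled URL without constraining where it may point. Whether getFromQuery() filters the value is not visible in this section, and neither is the place where `redirect` is later consumed, so an off-site target may survive to the post-login redirect. Validating here keeps the widget safe regardless of the consumer: `$instance['redirect'] = wp_validate_redirect((string) $this->getFromQuery('redirect_to'), '');`. The value should still be passed through `esc_url()` or `esc_attr()` wherever the widget template prints it. Only the tail of normalize() is shown; lines 104–108 lie outside the hunks.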
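--- a/application/Backend/tmpl/service/menu.php
+++ b/application/Backend/tmpl/service/menu.php
@@ -115,7 +115,7 @@
 <div class="row">
 <div class="col-xs-12">
 <p class="aam-notification">
-<?php echo __('
+<?php echo __('Either current user does not have enough capabilities to access any available backend menu or try to refresh the page so AAM can re-index backend menu.', AAM_KEY); ?>
 </p>
 </div>
 </div>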
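--- a/application/Core/Contract/RequestTrait.php
+++ b/application/Core/Contract/RequestTrait.php
@@ -5,15 +5,16 @@
 * LICENSE: This file is subject to the terms and conditions defined in *
 * file 'license.txt', which is part of this source code package. *
 * ======================================================================
-*
-* @version 6.0.0
 */
 
 /**
 * Work with HTTP requests
 *
+* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/192
+* @since 6.0.0 Initial implementation of the class
+*
 * @package AAM
-* @version 6.
+* @version 6.7.9
 */
 trait AAM_Core_Contract_RequestTrait
 {
@@ -41,6 +42,25 @@ trait AAM_Core_Contract_RequestTrait
 return $post;
 }
 
+/**
+* Get sanitized value from post
+*
+* @param string $param
+* @param int $filter
+* @param int $options
+*
+* @return mixed
+*
+* @access public
+* @version 6.7.9
+*/
+public function getSafeFromPost($param, $filter = FILTER_DEFAULT, $options = null)
+{
+$value = $this->getFromPost($param, $filter, $options);
+
+return current_user_can('unfiltered_html') ? $value : wp_kses_post($value);
+}
+
 /**
 * Get data from the GET/Query
 *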
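Review bot: getSafeFromPost() (new lines 57–62) hands whatever getFromPost() returns to `wp_kses_post()`, which filters a single string; when a caller passes a filter/options pair that yields an array, the elements are not filtered one by one. `wp_kses_post_deep()` applies the same filter recursively and also accepts scalars: `return current_user_can('unfiltered_html') ? $value : wp_kses_post_deep($value);`. The docblock summary "Get sanitized value from post" should also state that the value is returned unchanged for users holding `unfiltered_html`. It should add that kses only strips disallowed HTML, so callers still need `esc_attr()`, `esc_url()` or `esc_js()` at the point of output.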
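--- a/application/Core/Contract/ServiceTrait.php
+++ b/application/Core/Contract/ServiceTrait.php
@@ -10,11 +10,12 @@
 /**
 * Reusable elements for each service
 *
+* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/193
 * @since 6.4.0 Enhancement https://github.com/aamplugin/advanced-access-manager/issues/71
 * @since 6.0.0 Initial implementation of the service
 *
 * @package AAM
-* @version 6.
+* @version 6.7.9
 */
 trait AAM_Core_Contract_ServiceTrait
 {
@@ -53,12 +54,17 @@ trait AAM_Core_Contract_ServiceTrait
 *
 * @return void
 *
+* @param boolean $reload
+*
+* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/193
+* @since 6.0.0 Initial implementation of the method
+*
 * @access public
-* @version 6.
+* @version 6.7.9
 */
-public static function bootstrap()
+public static function bootstrap($reload = false)
 {
-if (is_null(self::$instance)) {
+if (is_null(self::$instance) || $reload) {
 self::$instance = new self;
 }
 }
@@ -68,13 +74,18 @@ trait AAM_Core_Contract_ServiceTrait
 *
 * @return object
 *
+* @param boolean $reload
+*
+* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/193
+* @since 6.0.0 Initial implementation of the method
+*
 * @access public
-* @version 6.
+* @version 6.7.9
 */
-public static function getInstance()
+public static function getInstance($reload = false)
 {
-if (is_null(self::$instance)) {
-self::bootstrap();
+if (is_null(self::$instance) || $reload) {
+self::bootstrap($reload);
 }
 
 return self::$instance;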
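Review bot: The new `$reload` flag in bootstrap() (line 67) and getInstance() (line 87) constructs a second instance but does nothing about hooks the first instance registered. The UserLevelFilter section of this commit shows a service constructor calling `add_filter()` with a closure, so a reload would presumably register that filter a second time while the old instance's callbacks keep running. That matters for any caller that reloads a service to pick up a changed enable flag, because hooks added under the previous setting stay active. I would document this on both methods, for example `@param boolean $reload Re-run the constructor; hooks registered by the previous instance are not removed`, and move the `@param` tag above `@return`.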
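--- a/application/Migration/2021_10_07-base.php
+++ b/application/Migration/2021_10_07-base.php
@@ -0,0 +1,50 @@
+<?php
+
+/**
+* ======================================================================
+* LICENSE: This file is subject to the terms and conditions defined in *
+* file 'license.txt', which is part of this source code package. *
+* ======================================================================
+*/
+
+namespace AAM\Migration;
+
+use AAM_Core_Migration,
+AAM_Core_Contract_MigrationInterface;
+
+/**
+* Disabling the "User Role Filter" service by default for any new AAM installation.
+* However, keeping it enabled for currently running AAM instances.
+*
+* @package AAM
+* @version 6.7.9
+*/
+class Migration679 implements AAM_Core_Contract_MigrationInterface
+{
+
+/**
+* @inheritdoc
+*
+* @version 6.7.9
+*/
+public function run()
+{
+// Checking if the "aam_menu_cache" exists and if so, user was at least once
+// on the AAM page, so it is not new installation
+$cache = \AAM_Service_AdminMenu::getInstance()->getMenuCache();
+
+if (!empty($cache)) {
+\AAM_Core_Config::set('core.service.user-level-filter.enabled', true);
+}
+
+// Finally store this script as completed
+AAM_Core_Migration::storeCompletedScript(basename(__FILE__));
+
+return array('errors' => array());
+}
+
+}
+
+if (defined('AAM_KEY')) {
+return (new Migration679())->run();
+}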
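Review bot: run() decides that a site is an existing installation only from a non-empty admin-menu cache (lines 34–38), so an upgraded site whose cache happens to be empty is treated as new and silently loses the User Level Filter. Because this commit also changes the flag's default to false, that case fails open: going by the service description, lower-level users could again see and manage higher-level users and roles. The inline comment states the assumption ("user was at least once on the AAM page"); a signal that does not depend on a cache would be safer, or the outcome should at least be reported rather than always returning `array('errors' => array())`. The literal `'core.service.user-level-filter.enabled'` is presumably the same key as `AAM_Service_UserLevelFilter::FEATURE_FLAG`; referencing the constant, if it is public, would keep the two files in step.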
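--- a/application/Service/Content.php
+++ b/application/Service/Content.php
@@ -406,7 +406,7 @@ class AAM_Service_Content
 'Resource' => $resource,
 'Metadata' => array(
 'Teaser' => array(
-'Value' => $settings['message']
+'Value' => esc_js($settings['message'])
 )
 )
 );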
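Review bot: `esc_js()` on line 409 is an output escaper for text placed inside an inline JavaScript string, but here it is applied while building the policy data (`'Value' => esc_js($settings['message'])`); the same pattern appears in application/Service/DeniedRedirect.php line 188 (`$value['Message'] = esc_js($destination);`). It entity-encodes markup and backslash-escapes quotes, so a teaser or denial message containing legitimate HTML or an apostrophe would be stored altered, and it is applied even for users with `unfiltered_html`. If these messages are later rendered as HTML, which neither hunk shows, filtering here with `wp_kses_post()` and escaping for the actual context at render time would match the rest of this commit better: `'Value' => wp_kses_post($settings['message'])`. Both enclosing functions start and end outside their hunks.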
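--- a/application/Service/DeniedRedirect.php
+++ b/application/Service/DeniedRedirect.php
@@ -185,7 +185,7 @@ class AAM_Service_DeniedRedirect
 } elseif ($val === 'callback') {
 $value['Callback'] = trim($destination);
 } elseif ($val === 'message') {
-$value['Message'] = $destination;
+$value['Message'] = esc_js($destination);
 }
 
 $params[] = array(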
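--- a/application/Service/UserLevelFilter.php
+++ b/application/Service/UserLevelFilter.php
@@ -10,11 +10,12 @@
 /**
 * User Level Filter service
 *
+* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/193
 * @since 6.4.0 Enhanced https://github.com/aamplugin/advanced-access-manager/issues/71
 * @since 6.0.0 Initial implementation of the class
 *
 * @package AAM
-* @version 6.
+* @version 6.7.9
 */
 class AAM_Service_UserLevelFilter
 {
@@ -41,8 +42,11 @@ class AAM_Service_UserLevelFilter
 *
 * @return void
 *
+* @since 6.7.9 https://github.com/aamplugin/advanced-access-manager/issues/193
+* @since 6.0.0 Initial implementation of the method
+*
 * @access protected
-* @version 6.
+* @version 6.7.9
 */
 protected function __construct()
 {
@@ -52,16 +56,17 @@ class AAM_Service_UserLevelFilter
 // Settings->Services tab
 add_filter('aam_service_list_filter', function ($services) {
 $services[] = array(
-'title'
-'description'
-'setting'
+'title' => __('User Level Filter', AAM_KEY),
+'description' => __('Extend default WordPress core users and roles handling, and make sure that users with lower user level cannot see or manager users and roles with higher level.', AAM_KEY),
+'setting' => self::FEATURE_FLAG,
+'defaultEnabled' => false
 );
 
 return $services;
 }, 1);
 }
 
-if (AAM_Core_Config::get(self::FEATURE_FLAG,
+if (AAM_Core_Config::get(self::FEATURE_FLAG, false)) {
 $this->initializeHooks();
 }
 }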
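Review bot: The description string added on line 60 reads "cannot see or manager users and roles"; it should say `manage`. On line 69, `AAM_Core_Config::get(self::FEATURE_FLAG, false)` means initializeHooks() is skipped whenever the flag has never been stored, so the protection is off unless something explicitly enables it. A short why-comment above the check would make that visible, e.g. `// Off unless explicitly enabled; existing installs are switched on by the 6.7.9 migration`. __construct() begins at line 51 and lines 53–55 are outside the hunk.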
readme.txt
CHANGED
@@ -4,7 +4,7 @@ Tags: access control, membership, backend menu, user role, restricted content, s
|
|
4 |
Requires at least: 4.7.0
|
5 |
Requires PHP: 5.6.0
|
6 |
Tested up to: 5.8.1
|
7 |
-
Stable tag: 6.7.
|
8 |
|
9 |
All you need to manage access to WordPress websites on the frontend, backend and API levels for any role, user or visitors.
|
10 |
|
@@ -91,6 +91,10 @@ We take security and privacy very seriously, that is why there are several non-n
|
|
91 |
|
92 |
== Changelog ==
|
93 |
|
|
|
|
|
|
|
|
|
94 |
= 6.7.8 =
|
95 |
* Changed: Adjusted suite of automated tests, confirmed that AAM is compatible with the latest WP version
|
96 |
|
4 |
Requires at least: 4.7.0
|
5 |
Requires PHP: 5.6.0
|
6 |
Tested up to: 5.8.1
|
7 |
+
Stable tag: 6.7.9
|
8 |
|
9 |
All you need to manage access to WordPress websites on the frontend, backend and API levels for any role, user or visitors.
|
10 |
|
91 |
|
92 |
== Changelog ==
|
93 |
|
94 |
+
= 6.7.9 =
|
95 |
+
* Changed: Enhanced security pasture by escaping potentially harmful input from users that do not have unfiltered_html capability, reported by WordPress Plugin Review Team [https://github.com/aamplugin/advanced-access-manager/issues/192](https://github.com/aamplugin/advanced-access-manager/issues/192)
|
96 |
+
* Changed: Disabling the "User Role Filter" by default for all new AAM installations [https://github.com/aamplugin/advanced-access-manager/issues/193](https://github.com/aamplugin/advanced-access-manager/issues/193)
|
97 |
+
|
98 |
= 6.7.8 =
|
99 |
* Changed: Adjusted suite of automated tests, confirmed that AAM is compatible with the latest WP version
|
100 |
|